0

Suppose I have the classes/models

  • Projects (has many lists)
  • Lists

I want to allow only users that are collaborators of a project to be able to add lists. How do I do that. I know I should use Zend_Acl_Assert but what do I pass as the resource. For edit/delete I will pass the list itself. For add it seems more like it should be a project. Which seems more correct if I move the ListsController#addAction() to ProjectsController#addListAction()? This is 1 possibility

But if I want to do something like ListsController#addAction() how can I setup my acl?

$acl->allow('user', 'list', 'add', new assertClass());

Will pass 'list' as the resource. Can I somehow pass a project object instead? It does not seem to make sense tho

Jiew Meng
  • 84,767
  • 185
  • 495
  • 805

2 Answers2

1

Can I somehow pass a project object instead?

As long as the object implements Zend_Acl_Resource_Interface and has been registered in the ACL, you can use anything you want.

Phil
  • 157,677
  • 23
  • 242
  • 245
  • Do you mean that I can pass any object that implements `Zend_Acl_Resource_Interface` to `Zend_Acl_Assert_Interface#assert()`? But with something like `$acl->allow('user', 'list', 'add', new assertClass())` how can I do that? – Jiew Meng Dec 22 '10 at 02:29
  • Erm you know, usually I think we should be working with `Zend_Acl` over the underlying `Assert_Interface`? – Jiew Meng Dec 22 '10 at 03:08
  • @jiewmeng That's correct. The assert interface object will receive the resource passed to `isAllowed()` – Phil Dec 22 '10 at 03:41
  • then how would you define the acl such that when user request to add a list, pass a project to the acl/assert. Something like `$acl->isAllowed($user1, $project1, 'add')` does is counter intuitive if I meant to add a list is it? – Jiew Meng Dec 22 '10 at 07:07
0

Why are you passing the list for edit and delete, seems unnecessary? Doing it without the passing the list will work fine.

If you require extra checks, what I've done is add a ensurePermission check on my model preSave, which checks the ACL among other things to determine that it's all good.

balupton
  • 47,113
  • 32
  • 131
  • 182
  • I am passing the list to check that the user is the owner of the project/list to be able to edit/delete – Jiew Meng Dec 22 '10 at 02:27